CVE-2009-3955: Out-of-bounds Write in Adobe Acrobat

CWE-399 | 4 documents | 4 sources

Severity: 10.0 CRITICAL (NVD)
EPSS: 36.2% (top 2.88%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 13
Latest update: May 2

Description

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allow remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (2 packages)

NVD: adobe/acrobat 9.2 +46

Patches

🔴 Vulnerability Details (1)

GHSA: GHSA-wfg4-6mw6-5m2j: Adobe Reader and Acrobat 9 (2022-05-02)

📋 Vendor Advisories (1)

Red Hat: acroread: multiple code execution flaws (APSB10-02) (2010-01-12)

💬 Community (1)

Bugzilla: CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3959 acroread: multiple code execution flaws (APSB10-02) (2010-01-11)